91a3d26ad4d86fb9c29e632e86ce74bd4c75da0b01c832d48e26a06acacb73c6

Sharing

Copy URL Twitter E-mail

General

Target

91a3d26ad4d86fb9c29e632e86ce74bd4c75da0b01c832d48e26a06acacb73c6
Size

8.8MB
MD5

ede52f8b15fd7d8a8c703b52fe23a434
SHA1

6022b1650b46ec4e804672d8c2eeeb6fe044ec67
SHA256

91a3d26ad4d86fb9c29e632e86ce74bd4c75da0b01c832d48e26a06acacb73c6
SHA512

7ca4ee0b9503fa4070cd515db7ebdd8df82b056802859c424bf3ed84e7ef937a64393f4fd8d9abbb87d0ae3ec593d98159f335a6051f9af780cf7e20237fd830
SSDEEP

98304:daEznKUhG0USqz7lcuLqfZAsmb4SA5dmV0woZJVxeK1dhMkRyk1zZPaCHxPehd:0Ez9hG0USw7lVLmOsmb4SAS8ff/1zxx6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91a3d26ad4d86fb9c29e632e86ce74bd4c75da0b01c832d48e26a06acacb73c6

Files

91a3d26ad4d86fb9c29e632e86ce74bd4c75da0b01c832d48e26a06acacb73c6
.exe windows:6 windows x86 arch:x86

323ac10050d67324fb30c18e7553dbab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\EdgeEndpoint----6de9da72\Endpoint\.build\win32\release\bin\KaseyaEndpoint.pdb

Imports

crypt32

PFXExportCertStoreEx
PFXImportCertStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertAddEncodedCertificateToStore

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
FreeSid
GetUserNameW
SetEntriesInAclW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
BuildTrusteeWithSidW
ConvertStringSidToSidA
OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueW
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
AllocateAndInitializeSid
RegSetValueExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
CheckTokenMembership

ws2_32

sendto
recvfrom
connect
socket
closesocket
bind
accept
send
recv
getsockname
ioctlsocket
getsockopt
__WSAFDIsSet
gethostbyname
getpeername
getnameinfo
freeaddrinfo
getaddrinfo
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
setsockopt
select
ntohs
ntohl
listen
htons
htonl

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
GetSystemMetrics

kernel32

LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleCP
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
SetStdHandle
RtlUnwind
RaiseException
InterlockedPushEntrySList
SetConsoleMode
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
GetLocaleInfoEx
GetCPInfo
CompareStringEx
CreateSemaphoreA
CreateEventA
OpenEventA
GetModuleHandleA
GetTickCount
CloseHandle
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetProcAddress
GetCurrentProcessId
GetCurrentProcess
SetEvent
ResetEvent
TlsFree
GetProcessHeap
HeapAlloc
HeapFree
DeleteCriticalSection
GetLastError
WTSGetActiveConsoleSessionId
VerSetConditionMask
CreateFileA
ReadFile
WriteFile
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexW
SetWaitableTimer
Sleep
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
GetCurrentThreadId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
SetFileAttributesW
InitializeCriticalSection
ResumeThread
ProcessIdToSessionId
GetComputerNameExW
GlobalFree
FormatMessageW
GetSystemDirectoryW
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetProcessTimes
OpenProcess
GetEnvironmentStringsW
TerminateProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetExitCodeProcess
GetCommandLineW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
CreateFileW
GetVersionExW
GetNativeSystemInfo
GetCurrentThread
FreeLibrary
LoadLibraryA
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetTempPathW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFilePointer
SetErrorMode
SetUnhandledExceptionFilter
QueryPerformanceCounter
FormatMessageA
GetSystemTime
SystemTimeToFileTime
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
GetFileAttributesW
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
VirtualLock
VirtualUnlock
GetStdHandle
GetFileType
GetVersion
FindClose
GlobalMemoryStatus
FlushConsoleInputBuffer
VerifyVersionInfoA
PeekNamedPipe
ExpandEnvironmentStringsA
WaitForMultipleObjectsEx
CreateWaitableTimerA
QueryPerformanceFrequency
GetEnvironmentVariableW
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileTime
RemoveDirectoryW
SetFilePointerEx
SetFileTime
DeviceIoControl
GetWindowsDirectoryW
CopyFileW
GetModuleHandleW
ReadConsoleInputW
IsValidCodePage
GetACP
GetOEMCP
FreeEnvironmentStringsW
SetEnvironmentVariableW
FindFirstFileExW
CreateEventW
GetStringTypeW
GetExitCodeThread
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
WriteConsoleW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSSendMessageW

dbghelp

SymGetModuleBase64
SymFunctionTableAccess64

shlwapi

SHDeleteKeyW

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fipstx
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 716KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fipsro
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsrd
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsda
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

323ac10050d67324fb30c18e7553dbab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

advapi32

ws2_32

user32

kernel32

shell32

mswsock

iphlpapi

winhttp

userenv

wtsapi32

dbghelp

shlwapi

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

fipstx Size: 60KB - Virtual size: 60KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 716KB - Virtual size: 741KB

fipsro Size: 37KB - Virtual size: 37KB

fipsrd Size: 8KB - Virtual size: 7KB

fipsda Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 6.6MB - Virtual size: 6.6MB

fipstx
Size: 60KB - Virtual size: 60KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 716KB - Virtual size: 741KB

fipsro
Size: 37KB - Virtual size: 37KB

fipsrd
Size: 8KB - Virtual size: 7KB

fipsda
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB